ABB: Securing Critical Infrastructure

Wednesday, March 27, 2013 @ 11:03 AM gHale

By Gregory Hale
For the first time in history, we have everyone on the front line in the battle against cyber attackers.

While that may be considered fanning the flames of Fear, Uncertainty and Doubt (FUD), Shawn Henry, former head of the FBI counterintelligence unit and president of CrowdStrike Services, doesn’t think so.

“Our digital DNA is all stored or transmitted electronically and it is riding on an inherently insecure network,” Henry said during his keynote address at ABB Automation and Power World in Orlando, FL, Wednesday. “It can’t be protected, there are too many vulnerabilities. There is no short-term answer to this long-term problem.”

There are three types of groups Henry said have the potential to cause harm to systems:
• Organized criminals
• Terrorist groups
• Foreign intelligence services
The organized criminal groups are mainly found in Eastern Europe and mainly focus on financial services. “These are incredibly sophisticated, but the people work in a virtual environment,” Henry said. The hackers in such a group never meet face to face, but they work together in a virtual environment to focus their energies on an attack.

Terrorist groups are becoming more of a threat, Henry said. They are very similar to the terrorists that attacked the U.S. on 9/11, but, instead, they are attacking digitally, he said.

“Anybody with a $500 laptop can attack anyone, anywhere in the world,” Henry said.

In the old days, Henry said, if there was a bank robbery, the list of suspects was within a short radius of where the incident took place. “Today, the pool of suspects is anyone with an Internet connection.”

The third group Henry mentioned was the foreign intelligence services. These are countries that are organizing attacks to steal money, data, and intellectual property, to name a few. Henry named the usual suspects among countries: China, Russia, and Iran, but there are more.

“Foreign intelligence services are going after networks and (companies) don’t even know it,” Henry said. “We would go to companies and tell them they were compromised and they didn’t even know it. Then we would show them proof. We found people on the network for four months and up to two years stealing whatever there was on the network.”

Quite a few times, the bad guys work in tandem with company insiders. “We have seen adversaries get people placed in targeted companies.”

One of the problems in the battle against attackers is communication. Not enough companies share information with the government or with each other. There have been two well-known attacks of late: Saudi Aramco suffered an attack that wiped out at least 30,000 computers, and companies in South Korea also lost about 30,000 computers.

That is what led Henry to say addressing vulnerabilities just does not work.

“Instead of addressing vulnerabilities, you have to know who your adversaries are,” he said.

For a company to get a clear understanding of its security message, the leadership has to rally behind the cause, Henry said. While it doesn’t all fall on the shoulders of the chief executive, the company’s top leaders in the executive suite definitely have to be champions.

“Leadership sets the pace for the rest of the organization,” Henry said.